You are on page 1of 60

Logix5000 Controllers Security

Programming Manual
(Catalog Numbers 1756 ControlLogix,
1769 CompactLogix, 1789 SoftLogix,
1794 FlexLogix, PowerFlex 700S with
DriveLogix)
Important User Information
Solid state equipment has operational characteristics differing from those of electromechanical equipment. Safety Guidelines for the Appli-
cation, Installation and Maintenance of Solid State Controls (publication SGI-1.1 available from your local Rockwell Automation sales office
or online at http://literature.rockwellautomation.com) describes some important differences between solid state equipment and hard-wired
electromechanical devices. Because of this difference, and also because of the wide variety of uses for solid state equipment, all persons re-
sponsible for applying this equipment must satisfy themselves that each intended application of this equipment is acceptable.
In no event will Rockwell Automation, Inc. be responsible or liable for indirect or consequential damages resulting from the use or application
of this equipment.
The examples and diagrams in this manual are included solely for illustrative purposes. Because of the many variables and requirements as-
sociated with any particular installation, Rockwell Automation, Inc. cannot assume responsibility or liability for actual use based on the ex-
amples and diagrams.
No patent liability is assumed by Rockwell Automation, Inc. with respect to use of information, circuits, equipment, or software described in
this manual.
Reproduction of the contents of this manual, in whole or in part, without written permission of Rockwell Automation, Inc., is prohibited.
Throughout this manual, when necessary, we use notes to make you aware of safety considerations.

Identifies information about practices or circumstances that can cause an explosion in a


WARNING
hazardous environment, which may lead to personal injury or death, property damage, or
economic loss.

IMPORTANT Identifies information that is critical for successful application and understanding of the product.

Identifies information about practices or circumstances that can lead to personal injury or death,
ATTENTION
property damage, or economic loss. Attentions help you identify a hazard, avoid a hazard, and
recognize the consequence

SHOCK HAZARD Labels may be on or inside the equipment, for example, a drive or motor, to alert people that
dangerous voltage may be present.

BURN HAZARD Labels may be on or inside the equipment, for example, a drive or motor, to alert people that
surfaces may reach dangerous temperatures.

Allen-Bradley, Rockwell Automation, and TechConnect are trademarks of Rockwell Automation, Inc.

Trademarks not belonging to Rockwell Automation are property of their respective companies.
Table of Contents

Preface Purpose of this Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Chapter 1
Introduction FactoryTalk Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
FactoryTalk Directories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
RSSecurity Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

Chapter 2
Configuring FactoryTalk Security Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
with RSLogix 5000 Install the Rockwell Software Security Emulator . . . . . . . . . . . . . . . . . . 9
Enable Security for RSLogix 5000 Software. . . . . . . . . . . . . . . . . . . . . 13
Install FactoryTalk Service Platform . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Secure an RSLogix 5000 Software Project File. . . . . . . . . . . . . . . . . . . 18
Apply Security to a Controller Resource. . . . . . . . . . . . . . . . . . . . . . . . 22

Chapter 3
Migrating From a Security Server Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Database to a FactoryTalk Server Import a Security Server Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Import Status Text File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Organizer Import Result . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Resource Editor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

Chapter 4
Configure Routine Source Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Protection in RSLogix 5000 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Software Configuring Source Protection on a project file . . . . . . . . . . . . . . . . . . 32
Key File and Key Distribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Remove Access to a Protected Routine . . . . . . . . . . . . . . . . . . . . . 40
Disable Routine Source Protection. . . . . . . . . . . . . . . . . . . . . . . . . 41

Chapter 5
RSLogix 5000 Software CPU Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Security Tool Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Securing a ControlLogix Controller with Logix CPU Security Tool . . 46
Accessing a Secured Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Removing Security from a ControlLogix Controller
with Logix CPU Security Tool. . . . . . . . . . . . . . . . . . . . . . . . . . 51
Removing a Password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Rockwell Automation Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60


Installation Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
New Product Satisfaction Return . . . . . . . . . . . . . . . . . . . . . . . . . . 60

3Publication 1756-PM016B-EN-P - July 2008 3


Table of Contents

Notes:

4 Publication 1756-PM016B-EN-P - July 2008


Preface

Purpose of this Manual This manual explains how to configure security for RSLogix 5000 software. It
also explains how to setup source protection for your logic and projects. This
manual is one of a set of related manuals that show common procedures for
programming and operating Logix5000 controllers. For a complete list of
common procedures manuals, see the Logix 5000 Controllers Common
Procedures Programming Manual, publication 1756-PM001.

The term Logix5000 controller refers to any controller that is based on the
Logix5000 operating system, such as:
• CompactLogix controllers
• ControlLogix controllers
• DriveLogix controllers
• FlexLogix controllers
• SoftLogix5800 controllers

5Publication 1756-PM016B-EN-P - July 2008 5


Preface

Notes:

6 Publication 1756-PM016B-EN-P - July 2008


Chapter 1

Introduction

This chapter explains what FactoryTalk Security is and how you can
implement security. FactoryTalk Security integrates a common security model
across all FactoryTalk enabled products. The evolution of FactoryTalk Security
software continues with the addition of more products and additional security
functionality.

FactoryTalk Security FactoryTalk Services Platform (FTSP) includes the FactoryTalk


Administration Console (FTAC) which provides the interface for configuring
your system. The installation of FTSP has been significantly updated in
Release 16.03. Instead of prompting you to create individual FactoryTalk
Administrator accounts, FTSP will automatically assign the local computer's
Windows Administrators as FactoryTalk administrators.

FactoryTalk Directories

An important aspect to implementing FactoryTalk Security is the multiple


FactoryTalk Directories. In the FactoryTalk architecture there are two separate
Directory types, Local and Network. A FactoryTalk Local directory is utilized
when all the Rockwell Automation Software products run on a single
computer. The Local FactoryTalk Directory is used for products such as
FactoryTalk View Machine Edition (ME) and FactoryTalk View Site Edition
(SE) Station (Standalone).

Refer to The FactoryTalk Security Quick Start, publication FTSEC-QS001.

The FactoryTalk Network Directory is used when multiple Rockwell


Automation Software products need to share information across multiple
computer systems. The FactoryTalk Network Directory allows these systems
to share a common FactoryTalk Directory for products such as FactoryTalk
View SE, FactoryTalk Integrator, FactoryTalk Batch, and FactoryTalk
AssetCenter.

When securing controllers using the RSLogix family of editors (RSLogix 5 /


500 / 5000), you can use either the FactoryTalk Local or the Network
Directories. If you are trying to coordinate security across multiple computers,
you will need a Network Directory implementation of FactoryTalk Security. If
all of your products reside on a single computer, you will want to utilize Local
FactoryTalk Directory.

7Publication 1756-PM016B-EN-P - July 2008 7


Chapter 1 Introduction

RSSecurity Server

Security implemented in existing products will be migrated into the new


FactoryTalk Security system by utilities in those specific products. For those
products currently using RSSecurity, it is possible to coexist with FactoryTalk
Security. Alternatively, you can migrate to the new system. If migrating to the
new system is desirable, then any product that referenced the RSSecurity
Server can interface to the FactoryTalk Security system via the RSSecurity
Emulator. This Security Emulator can be installed once FTSP is installed on
any computer that will host products such as RSLogix 5000, and RSLinx
Classic.

8 Publication 1756-PM016B-EN-P - July 2008


Chapter 2

Configuring FactoryTalk Security with


RSLogix 5000

Introduction This chapter describes how to install and configure FactoryTalk Security.
FactoryTalk Security Service Platform (FTSP) software during the installation
of RSLogix5000 software. If you find that the Security feature is not enabled in
RSLogix5000 software as shown in this screen, you will need to enable the
feature. Refer to Enable Security for RSLogix 5000 Software on page 13.

Install the Rockwell RSLogix 5000 software uses the Rockwell Software Security Emulator to
communicate with FactoryTalk Security. Follow these instructions to install the
Software Security Emulator Rockwell Software Security Emulator.

1. From the Start menu select Programs>Rockwell Software>FactoryTalk


Tools>RSSecurity Emulator Install

9Publication 1756-PM016B-EN-P - July 2008 9


Chapter 2 Configuring FactoryTalk Security with RSLogix 5000

2. Select Next on the Welcome screen.

3. Click the I accept the terms in the license agreement and click Next.

4. Select Next on the Customer Information screen.

10 Publication 1756-PM016B-EN-P - July 2008


Configuring FactoryTalk Security with RSLogix 5000 Chapter 2

5. Choose the Setup Type and click Next.

6. Select the FactoryTalk Directory for the Emulator to work with.

The RSSecurity Emulator can only communicate to one FactoryTalk


Directory.

7. Select Next to continue.

Publication 1756-PM016B-EN-P - July 2008 11


Chapter 2 Configuring FactoryTalk Security with RSLogix 5000

8. Click Next to begin the install.

Install Status screen displays.

9. Click Finish to complete the installation.

12 Publication 1756-PM016B-EN-P - July 2008


Configuring FactoryTalk Security with RSLogix 5000 Chapter 2

Enable Security for RSLogix The SetSecKeys utility must be executed to enable security for RSLogix 5000
software.
5000 Software
1. Locate the SetSecKeys.exe in this folder:

C:\Program Files\Rockwell Software\RSLogix


5000\ENU\v17\Security

This file is added to the system during the RSLogix 5000 install.

2. Double-click the file to begin configuration.

3. Select the RS5000Keys.ini file and click Open.

ATTENTION
Once you have enabled security, only Rockwell Automation
Technical Support can turn off RSLogix 5000 security.

Publication 1756-PM016B-EN-P - July 2008 13


Chapter 2 Configuring FactoryTalk Security with RSLogix 5000

4. Check RSLogix 5000 and click OK.

Install FactoryTalk Service If you find that the Security feature does not enable in RSLogix5000 software
as shown in this screen, you will need to make sure FactoryTalk Service
Platform Platform (FTSP) is installed properly..

Follow these instructions to install the FactoryTalk Service Platform (FTSP)


software.

14 Publication 1756-PM016B-EN-P - July 2008


Configuring FactoryTalk Security with RSLogix 5000 Chapter 2

1. Locate and double-click to run the Setup.exe file. The file is at the
following location on the install disk.

2. Click Next on the Welcome screen

3. Check the I accept the terms in the license agreement and click Next.

Publication 1756-PM016B-EN-P - July 2008 15


Chapter 2 Configuring FactoryTalk Security with RSLogix 5000

The installation options screen displays.

This displays the installation options available to you contained in this


installation file. This screen lets you select if you want the FactoryTalk
Administration Console installed. You may not want to install the
Administration Console on every system.

4. Click Next to continue.

5. Click Install to begin the installation

Status Screen displays.

16 Publication 1756-PM016B-EN-P - July 2008


Configuring FactoryTalk Security with RSLogix 5000 Chapter 2

The installation automatically configures the FactoryTalk Local and


Network Directories. During configuration, the install will backup
existing FactoryTalk Directories. On upgrades from earlier versions, the
backup will backup the exiting FactoryTalk Directory. For new
installations, the pre-configured FactoryTalk Directories will be backed
up.

The backups let you restore a FactoryTalk Directory to a previous


software release.

6. Click Finish to complete the installation.

After the installation is complete, refer back to Enable Security for RSLogix
5000 Software on page 13. If you are still having problems, refer to The
FactoryTalk Security Quick Start, publication FTSEC-QS001.

Publication 1756-PM016B-EN-P - July 2008 17


Chapter 2 Configuring FactoryTalk Security with RSLogix 5000

Secure an RSLogix 5000 Once you have configured the RSLogix 5000 software to be security aware, the
next step is to enable security in a RSLogix 5000 software project file. Follow
Software Project File these steps to secure a project file.

1. Launch RSLogix 5000 from the start

menu or the program icon .

The default FactoryTalk Security configuration has Single Sign On


enabled, so you will not be prompted to Log On to FactoryTalk.
Customers upgrading from versions prior to 16.03 or customers that
have modified the default FactoryTalk Security configuration will be
prompted to Log On to FactoryTalk.

2. If prompted to Log On to FactoryTalk, enter a valid set for FactoryTalk


credentials. In the example below, the FactoryTalk Directory (FTD) was
configured with an account called FTADMIN.

3. Open the RSLogix 5000 project file that you want to secure.

In this example, the DayOfWeek example project file was opened.

18 Publication 1756-PM016B-EN-P - July 2008


Configuring FactoryTalk Security with RSLogix 5000 Chapter 2

4. Open the Controller Properties page from the Edit Menu.

5. Record the Name of the Project file displayed on the General tab. In this
example, the name is DayOfWeek.

TIP The name of the Controller can match the name of the ACD
file, but is not required to.

6. Select the Advanced tab in the Controller Properties window.

Publication 1756-PM016B-EN-P - July 2008 19


Chapter 2 Configuring FactoryTalk Security with RSLogix 5000

7. Change the Security setting to FactoryTalk and click OK.

8. Click Yes on the warning dial box to confirm you want to enable
security for the project file.

9. Save the project file

10. From the Communication menu select Who Active.

20 Publication 1756-PM016B-EN-P - July 2008


Configuring FactoryTalk Security with RSLogix 5000 Chapter 2

11. In the Who Active windows, locate and select the controller resource.

12. Click Download to continue.

13. After the download completes, close RSLogix 5000 software. If


prompted, save changes.

Publication 1756-PM016B-EN-P - July 2008 21


Chapter 2 Configuring FactoryTalk Security with RSLogix 5000

Apply Security to a Follow these steps to apply security to a controller resource.


Controller Resource 1. Open the FactoryTalk Administration Console, select Start>Programs
>Rockwell Software>FactoryTalk Administration Console

2. Select the FactoryTalk Directory that the RSSecurity Emulator was


configured to work with.

Refer to the selection you made in the section Install the Rockwell Software
Security Emulator on page 9.

The default FactoryTalk Security configuration has Single Sign On enabled, so


the you will not be prompted to Log On to FactoryTalk. Customers upgrading
from revisions prior to 16.03 or customers that have modified the default
FactoryTalk Security configuration will be prompted to Log On to
FactoryTalk.

If prompted to Log On to FactoryTalk, enter a valid set for FactoryTalk


credentials. In the example below, the FactoryTalk Directory (FTD) was
configured with an account called FTADMIN.

22 Publication 1756-PM016B-EN-P - July 2008


Configuring FactoryTalk Security with RSLogix 5000 Chapter 2

3. Navigate to the controller resource the secured project file was


downloaded to.

Refer to the section Secure an RSLogix 5000 Software Project File on


page 18.

4. Right click on the controller resource and select Properties.

5. In the Logical Name drop down list select the Controller name.

This name should match the settings from the Controller Properties
page that you created during Secure an RSLogix 5000 Software Project
File section. The controller name can also be manually typed in if the
name does not appear in the drop down list.

• The controller in the Network and Devices tree will also display
TIP the controller name property next to the controller resource.
• If the name does not appear in the Network and Devices tree,
open RSLinx Classic and navigate to the controller resource with
RSWho. Navigating to the resource in RSLinx Classic will
update the Controller path information in RSLinx Classic.
FactoryTalk Administration Console uses the controller path
information from RSLinx Classic to display Controllers. Once the
path information is updated in RSLinx Classic, open the
FactoryTalk Administration Console and right click on the
Network and Devices tree and select refresh.

Publication 1756-PM016B-EN-P - July 2008 23


Chapter 2 Configuring FactoryTalk Security with RSLogix 5000

6. Once the Logical Name for the Controller has been set to match the
Controller name, click OK to continue.

This completes the FactoryTalk Security configuration for an RSLogix 5000


controller resource. Individual user or groups rights will still need to be
configured to control access to secured Controllers. For more FactoryTalk
Security information, refer to The FactoryTalk Security Quick Start,
publication FTSEC-QS001.

24 Publication 1756-PM016B-EN-P - July 2008


Chapter 3

Migrating From a Security Server Database to


a FactoryTalk Server

Introduction This chapter describes how to migrate from a Security Server Database to a
FactoryTalk Server. To migrate to a FactoryTalk Security Server you must first
export the security server database and then import the datebase into
FactoryTalk.

Import a Security Server Follow these steps to import a security server database into FactoryTalk
Security.
Database
1. From the Start menu, select Programs -> Rockwell Software ->
FactoryTalk Tools -> Import RSSecurity Configuration

2. Select Import File.

25Publication 1756-PM016B-EN-P - July 2008 25


Chapter 3 Migrating From a Security Server Database to a FactoryTalk Server

3. Choose import file and FT Directory Destination.

4. Click Yes at the Warning message.

5. Provide your username and password to logon to FactoryTalk.

Import status displays.

26 Publication 1756-PM016B-EN-P - July 2008


Migrating From a Security Server Database to a FactoryTalk Server Chapter 3

6. Select how should action and resource groups be imported in to


FactoryTalk and click OK.

7. Review import issue resolution and click continue.

8. Select a group to import.

9. Right click, select add area, and browse to the resource location.

10. Click OK.

Publication 1756-PM016B-EN-P - July 2008 27


Chapter 3 Migrating From a Security Server Database to a FactoryTalk Server

11. Review how these were mapped in to existing FT applications and click
OK.

Import complete graphic displays

Import Status Text File

This graphic shows and example of the Import Status text file that is created
when an import is completed.

28 Publication 1756-PM016B-EN-P - July 2008


Migrating From a Security Server Database to a FactoryTalk Server Chapter 3

Organizer Import Result

This graphic shows the results of the import process in the Organizer.

Resource Editor

This graphic shows the results of the import in the Resource Editor.

Publication 1756-PM016B-EN-P - July 2008 29


Chapter 3 Migrating From a Security Server Database to a FactoryTalk Server

Notes:

30 Publication 1756-PM016B-EN-P - July 2008


Chapter 4

Configure Routine Source Protection in


RSLogix 5000 Software

Introduction This chapter describes how to apply source protection to your RSLogix 5000
routines and Add-On Instructions.

Installation Follow these steps to install RSLogix 5000 Source Protection.

1. Locate the Source Protection tool on the RSLogix 5000 installation CD:
d:\ENU\Tools\Source Protection Tool

2. Double-click on the file RS5KSrcPtc.exe to install RSLogix 5000 Source


Protection.

3. Click Yes.

31Publication 1756-PM016B-EN-P - July 2008 31


Chapter 4 Configure Routine Source Protection in RSLogix 5000 Software

Configuring Source Follow these steps to configure source protection on a project file.
Protection on a project file

Source Protection can only be configured on a off-line project file.

1. Open an off-line project file.

2. Launch Source Protection from the Tool - Security menu.

Source Protection requires a Source key file location to be specified.

3. Click Yes to specify Source Key File location.

4. Click Browse to specify Source Key File location.

5. Navigate to the folder location to store the key file.

32 Publication 1756-PM016B-EN-P - July 2008


Configure Routine Source Protection in RSLogix 5000 Software Chapter 4

The key file can be saved in any accessible folder. In this example
C:\RSLogix5000\Project folder was specified as the key file location.

6. Click OK to continue.

If a key file in not found in the specified location, you will be prompted
to create a new key file.

7. Click Yes to continue and create the new key file.

Source Protection will have all Program Routines, Add-On Instructions,


and Equipment State Phase Routines in the project file.

Publication 1756-PM016B-EN-P - July 2008 33


Chapter 4 Configure Routine Source Protection in RSLogix 5000 Software

8. Select a routine that requires protection and click Protect.

9. Enter a Source key to apply to the routine.

In this example, dayofweek is being set as the key for the routine
DayOfWeek. Normally the key would not be set to match the routine
name.

10. Click OK to continue.

The DayOfWeek routine is now protected with the key “dayofweek”.

11. Select the next routine that requires protection and select Protect.

12. Enter a Source key to apply to the routine.

34 Publication 1756-PM016B-EN-P - July 2008


Configure Routine Source Protection in RSLogix 5000 Software Chapter 4

In this example test_dow is being set as the key for the routine
Test_Dow and the Test_DOW routine will be viewable.

TIP You can set a protected routine to allow or deny viewing of


the routine from a system that does not have keys required
to access the routine. When allow viewing is set, a routine
can be viewed in a read only mode.
Protected routines that do not allow viewing cannot be
viewed by systems that do not have the required key files.

13. Click OK to set the key for the routine.

The Test_DOW routine is protected, but can be viewed in a read only


mode by sources that do not have the key file.

Publication 1756-PM016B-EN-P - July 2008 35


Chapter 4 Configure Routine Source Protection in RSLogix 5000 Software

The remaining Valve_Logic routine and the MyValveAOI Add-On Instruction


were also protected following the same procedure.

14. Once all the routines and Add On-Instructions that requires protection
are assigned keys, click Close.

15. Save the project file and download it to the controller.

When the project file is opened on a system that does not contain the keys
used to secure the routines and Add-On Instructions, they will be protected
based on the setting in Source Protection Configuration. Test_DOW was
protected and set to viewable in Source Protection Configuration.

36 Publication 1756-PM016B-EN-P - July 2008


Configure Routine Source Protection in RSLogix 5000 Software Chapter 4

The routine can be opened as read only on a system that does not contain the
key for the routine, but the user will not be able to modify the routine.

Routines or Add-On Instructions that are protected, but were not configured
as viewable cannot be opened. The DayOfWeek routine cannot be opened on
a system that does not have the key used to protect the routine. In this graphic,
the icon for the routine is grayed out, indicating the routine cannot be opened.

Inactive icons are grey.

The MyValveAOI cannot be viewed on a system the does not contain the key
used to protect the Add-On Instruction. This is because MyValveAOI was
protected, but not set to be viewable. The Add-On Instruction is shown in the
project's explorer window, but the Parameters and Local Tags for the Add-On

Publication 1756-PM016B-EN-P - July 2008 37


Chapter 4 Configure Routine Source Protection in RSLogix 5000 Software

Instructions are not viewable on a system that does not contain the required
key used to protect it.

Local Tags, and Logic are not


viewable. Parameters can be
viewed but not edited.

This graphic shows the Add-On Instruction MyValveAOI viewed from a


system that has the key used secure the instruction.

Parameters, Local Tags,


and Logic are viewable
and can be edited..

38 Publication 1756-PM016B-EN-P - July 2008


Configure Routine Source Protection in RSLogix 5000 Software Chapter 4

Key File and Key The Source Protection keys are stored in text file un-encrypted. It is
recommended that the key file be backed up and stored in a secure location. If
Distribution necessary, the individual keys can be distributed or provided to the necessary
parties.

The keys created when the routines and Add-On Instructions were secured
with Source Protection were stored in the file sk.dat un-encrypted.

Publication 1756-PM016B-EN-P - July 2008 39


Chapter 4 Configure Routine Source Protection in RSLogix 5000 Software

Remove Access to a Protected Routine

IMPORTANT Before you remove the source key file (sk.dat) from a computer
either write down the source keys or make a copy of the file
and store it in a secure location.

1. Open the RSLogix 5000 project that is protected.

2. From the Tools menu, choose Security > Configure Source Protection.

3. Click Clear.

A dialog box asks if you want to delete the source key file (sk.dat).

4. Select Yes, to remove or No, not to remove the source key file from the
computer.

40 Publication 1756-PM016B-EN-P - July 2008


Configure Routine Source Protection in RSLogix 5000 Software Chapter 4

Disable Routine Source Protection

IMPORTANT Before you remove the source key file (sk.dat) from a computer
either write down the source keys or make a copy of the file and
store it in a secure location.

1. Open the RSLogix 5000 project that is protected.

2. From the Tools menu, choose Security > Configure Source Protection.

3. Click Disable Ability To Configure Protected Routines.

A dialog box prompts you to confirm the action.

4. Choose Yes.

A dialog box asks if you want to delete the source key file (sk.dat).

5. Select Yes, to remove or No, not to remove the source key file from the
computer.

Publication 1756-PM016B-EN-P - July 2008 41


Chapter 4 Configure Routine Source Protection in RSLogix 5000 Software

Notes:

42 Publication 1756-PM016B-EN-P - July 2008


Chapter 5

RSLogix 5000 Software CPU Security Tool

Introduction This chapter describes how to use the RSLogix 5000 CPU Security Tool to
lock a controller. When a controller is locked, no one can access until it is
unlocked.

Installation The Logix CPU Security Tool is automatically installed when you install
RSLogix 5000 software, version 17. If you find it is not installed follow these
installation instructions. The install file is located on the RSLogix 5000
installation CD under the Tools folder.

To install the Logix CPU Security Tool, do the following:

1. Double-click the file RSLogix Security Tool Installer.msi file.

The Welcome Screen displays.

2. Click Next.

43Publication 1756-PM016B-EN-P - July 2008 43


Chapter 5 RSLogix 5000 Software CPU Security Tool

3. Review the license agreement, select the I Agree radio button, and click
Next.

4. Accept the default installation location and click Next.

44 Publication 1756-PM016B-EN-P - July 2008


RSLogix 5000 Software CPU Security Tool Chapter 5

5. Check the Add to Custom Tools box, if it is not already checked and
click Next.

6. Confirm the installation and click Next.

7. Please wait while the CPU Security Tool runs through the installation
process.

8. After the installation completes click Close.

Publication 1756-PM016B-EN-P - July 2008 45


Chapter 5 RSLogix 5000 Software CPU Security Tool

Securing a ControlLogix You can secure a controller with the Logix CPU Security Tool. The tool is
installed under the RSLogix 5000 Tools menu.
Controller with Logix CPU
Security Tool

1. Start the Logix CPU Security Tool.

Before a controller can be secured, the path the controller must be specified.

2. To specify a path to the controller, use the RSWho button to locate a


controller.

Use the RSWho button to


locate the controller you
need to secure.

46 Publication 1756-PM016B-EN-P - July 2008


RSLogix 5000 Software CPU Security Tool Chapter 5

3. Select the controller that you need to secure and click OK.

The Logix CPU Security Tool displays the current status of the controller.

Notice that the controller


you selected is currently
unsecured and there is
no password set in the
controller.

4. Click Change Password.

5. Enter a password in the new password field and confirm the password
and click OK.

Publication 1756-PM016B-EN-P - July 2008 47


Chapter 5 RSLogix 5000 Software CPU Security Tool

The Password Status for the controller now indicates a Password exists in the
controller, but the controller is not secured yet.

6. Click Secure Controller.

7. Enter the password for the controller click Secure.


If the controller has Nonvolatile
Memory installed, this check box
would save the security state of the
controller to Nonvolatile Memory.

Refer to the RSLogix 5000 Help for


additional information on how to
Save to Nonvolatile Memory.

The controller is now secured.

The controller is now secured.

48 Publication 1756-PM016B-EN-P - July 2008


RSLogix 5000 Software CPU Security Tool Chapter 5

Accessing a Secured Controller

When you try to access a controller that has been secured by the Logix CPU
Security Tool and you don’t have a local copy of the project file on your
computer, you will be prompted to select the proper file.

To access a secured controller, do the following.

1. From the Communication menu select Who Active

2. Select the secured controller and select Go Online.

If you don’t have a local copy of the project file on your computer, you
will be prompted to select a file.

Publication 1756-PM016B-EN-P - July 2008 49


Chapter 5 RSLogix 5000 Software CPU Security Tool

3. Click Select file to either find the project file or to identify a location
where to save a project file.

4. Identify a file and click Select.

5. Reply Yes to create the project and upload.

You are prompted with an unspecific error message informational


screen.

6. Click OK to continue.

50 Publication 1756-PM016B-EN-P - July 2008


RSLogix 5000 Software CPU Security Tool Chapter 5

An error message displays indicating that the controller is currently secured


and will prevent you from going On-Line.

If the project file already exists on the your system, an error message displays
that indicates that the controller is secured and you cannot go online.

Removing Security from a ControlLogix Controller with Logix CPU


Security Tool

To remove security from a controller, do the following.

1. Start the Logix CPU Security Tool.

2. Specify the path to the controller by using RSWho.

3. Select the controller that you want to be unsecured and click OK.

The controller is
currently secured.

4. Select Unsecure Controller.

Publication 1756-PM016B-EN-P - July 2008 51


Chapter 5 RSLogix 5000 Software CPU Security Tool

5. Enter the password for the controller and click Unsecure.

The controller is now unsecured, but the controller still knows the
password.

6. Select Exit.

7. Click Yes to confirm exit and leave the controller in an unsecured state.

Now you can now go online with the controller.

Removing a Password

To remove the password follow these instructions:

1. Click Change password.

2. Remove the “****” empty string and click OK.

52 Publication 1756-PM016B-EN-P - July 2008


RSLogix 5000 Software CPU Security Tool Chapter 5

The controller status is now UNSECURED.

Publication 1756-PM016B-EN-P - July 2008 53


Chapter 5 RSLogix 5000 Software CPU Security Tool

54 Publication 1756-PM016B-EN-P - July 2008


How Are We Doing?
Your comments on our technical publications will help us serve you better in the future.
Thank you for taking the time to provide us feedback.

You can complete this form and mail (or fax) it back to us or email us at
RADocumentComments@ra.rockwell.com.

Pub. Title/Type Logix5000 Controllers Security

Cat. No. 1756 ControlLogix, 1769 Pub. No. 1756-PM016B-EN-P Pub. Date July 2008 Part No.
CompactLogix, 1789
SoftLogix, 1794 FlexLogix,
PowerFlex 700S with
DriveLogix

Please complete the sections below. Where applicable, rank the feature (1=needs improvement, 2=satisfactory, and 3=outstanding).
Overall Usefulness 1 2 3 How can we make this publication more useful for you?

1 2 3 Can we add more information to help you?


Completeness
(all necessary information procedure/step illustration feature
is provided)
example guideline other
explanation definition

Technical Accuracy 1 2 3 Can we be more accurate?


(all provided information
is correct) text illustration

Clarity 1 2 3 How can we make things clearer?


(all provided information is
easy to understand)

Other Comments You can add additional comments on the back of this form.

Your Name
Your Title/Function Would you like us to contact you regarding your comments?
Location/Phone ___No, there is no need to contact me
___Yes, please call me
___Yes, please email me at _______________________
___Yes, please contact me via _____________________

Publication CIG-CO521D-EN-P- July 2007


Return this form to: Rockwell Automation Technical Communications, 1 Allen-Bradley Dr., Mayfield Hts., OH 44124-9705
Fax: 440-646-3525 Email: RADocumentComments@ra.rockwell.com
PLEASE FASTEN HERE (DO NOT STAPLE)

Other Comments

PLEASE FOLD HERE

NO POSTAGE
NECESSARY
IF MAILED
IN THE
UNITED STATES

BUSINESS REPLY MAIL


FIRST-CLASS MAIL PERMIT NO. 18235 CLEVELAND OH

POSTAGE WILL BE PAID BY THE ADDRESSEE

1 ALLEN-BRADLEY DR
MAYFIELD HEIGHTS OH 44124-9705
Publication 1756-PM016B-EN-P - July 2008 59
Supersedes Publication 1756-PM016A-EN-P - September 2007 Copyright © 2008 Rockwell Automation, Inc. All rights reserved. Printed in the U.S.A.
Rockwell Automation Rockwell Automation provides technical information on the Web to assist you in using
its products. At http://support.rockwellautomation.com, you can find technical
Support manuals, a knowledge base of FAQs, technical and application notes, sample code and
links to software service packs, and a MySupport feature that you can customize to
make the best use of these tools.

For an additional level of technical phone support for installation, configuration, and
troubleshooting, we offer TechConnect support programs. For more information,
contact your local distributor or Rockwell Automation representative, or visit
http://support.rockwellautomation.com.

Installation Assistance

If you experience a problem within the first 24 hours of installation, please review the
information that's contained in this manual. You can also contact a special Customer
Support number for initial help in getting your product up and running.

United States 1.440.646.3434


Monday – Friday, 8am – 5pm EST
Outside United Please contact your local Rockwell Automation representative for any
States technical support issues.

New Product Satisfaction Return

Rockwell Automation tests all of its products to ensure that they are fully operational
when shipped from the manufacturing facility. However, if your product is not
functioning and needs to be returned, follow these procedures.

United States Contact your distributor. You must provide a Customer Support case
number (call the phone number above to obtain one) to your distributor
in order to complete the return process.
Outside United Please contact your local Rockwell Automation representative for the
States return procedure.

Publication 1756-PM016B-EN-P - July 2008 60


Supersedes Publication 1756-PM016A-EN-P - September 2007 Copyright © 2008 Rockwell Automation, Inc. All rights reserved. Printed in the U.S.A.